incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wyllys Ingersoll <>
Subject Re: LDAP Login problems (Login.jsp?redirect issue)
Date Wed, 25 Mar 2009 13:18:21 GMT

Trupti, David, Jim, et al -
   Thanks for the suggestions.   I don't think that my problem is related
to the actual LDAP authentication (though the issue with group mapping may be
important, I am going to investigate that).  My users are able to authenticate 
correctly to the LDAP server,  I can verify this by entering an incorrect password 
and noting that it definitely fails as expected.

The problem seems to be in how JSPWiki recognizes the user after the container
LDAP auth succeeds.  

   Also, I am running the Sun Webserver 7 product, not Apache/Tomcat in this case,
so my server.xml is a little different.  There are no "UserDatabase" entries in 
the server.xml.  I can probably add a "Realm className= ..." entry as you suggest
below, but I would not know what to put in for the connectionName and password,
I certainly cannot and will not put my own name/password in there.  Maybe I don't
need one?  I will try some things and see if I can make it work.  Perhaps there are
some settings in the webserver configuration that I need to modify, I will investigate.

   I still suspect a bug in JSPWiki since I know that my users are authenticated,
but the Login.jsp logic seems to want to reject my users once they are already
authenticated - it does not allow the ?redirect=Main to work.


TruptiP wrote:
> Hi Wyllys,
> The same problem I faced when I tried for LDAp authentication.
> The role name you mentioned in server.xml of Tomcat must match with role
> name you specified in web.xml of Jspwiki.
> How you are extracting ROLE Name from LDAP 
>  <Realm className="org.apache.catalina.realm.JNDIRealm"
> 		connectionURL="ldap://URL:389"
> 		connectionName="uid=admin,ou=Directory Administrators,dc=domain,dc=com"
> 		connectionPassword="admin"
> 		userBase="ou=Root,dc=domain,dc=com"
> 		userSubtree="true"
> 		userSearch="(uid={0})"
> 		userRoleName="groups"
> /> 
> Choosing userRoleName  is very important.
> e.g. User is member of 2 groups 
> groups= abc
> groups=pqr
> You can either use abc or pqr in web.xml of Jspwiki for authenticated area
> and admin area.
> There may be many groups or one common group which include all members. 
> Just try this out and let us know result.
> Regards,
> Trupti Patil


View raw message